Your SQL syntax is wrong; the string has to be in single quotes. But you should never, never do this, as you're opening the door to a SQL injection attack (Google that to learn about it if you don't know what it is.) Instead, you should just do this:

Ernest Friedman-Hill wrote:Your SQL syntax is wrong; the string has to be in single quotes. But you should never, never do this, as you're opening the door to a SQL injection attack (Google that to learn about it if you don't know what it is.) Instead, you should just do this: